Geoff Chappell - Software Analyst
Sets low integrity for a specified folder, creating the folder if necessary.
HRESULT SetupLowFolderPath (PCWSTR pszFolder);
The pszFolder argument provides the address of a path to the folder.
The function returns zero for success, else an error code.
The function succeeds trivially if the folder is remote, meaning specifically that the volume mount point has the drive type DRIVE_REMOTE. Otherwise, the function tries to set low integrity for the folder. If access is denied, the function takes full control of the folder and then retries to set low integrity.
If not running on Windows Vista or higher, setting low integrity for the folder will not be possible, and the function fails (returning S_FALSE). The function opens the folder, asking for WRITE_OWNER and STANDARD_RIGHTS_WRITE access rights. If this fails because the folder does not exist, the function creates the folder, including to create any folders needed along the path (see SHCreateDirectory). If this succeeds, or if it fails because the folder meanwhile came into existence by other means, the function tries again to open the folder. If the folder cannot be opened, the function fails. Given that the folder (or file) has been opened, the function sets low integrity for it by calling the SetFileHandleIntegrityLevel function with the particular SID that is represented by LW in the Security Descriptor Definition Language.
Note that although the function’s name does not suggest it is intended for use on a file, the preceding algorithm does not insist that pszFolder be the path to a folder rather than a file. The function can be used to set low integrity for a file that already exists, but with the side-effect that if the file doesn’t exist, it will get created as a directory.
Taking full control of the folder is a matter of adding an access-allowed ACE for the current process’s user account. The new ACE is inheritable both by files and subfolders, and grants FILE_ALL_ACCESS rights. Note that the function does not undo this after setting low integrity: full access is a possible side-effect of this function. A quirk that may matter to someone is that if the function does try to take full control, it works with a copy of the given path and thus picks up a limit of MAX_PATH characters.
Version 7.0 has no provision for taking full control in order to retry setting low integrity. Also, version 7.0 creates the folder using the standard Windows API function CreateDirectory, and thus does not create intermediate folders. It also does not allow that the folder may meanwhile have got created by other hands.
The SetupLowFolderPath function is exported from IERTUTIL as ordinal 38 in version 7.0 and higher.